.\" Hey, Emacs! This is an -*- nroff -*- source file.
.\" Copyright (c) 2011 Tom Cocagne <tom.cocagne@gmail.com>
.\"
.\" Process this file with
.\" groff -man -Tascii srp_auth.conf.5
.\"
.TH srp_auth.conf 5 "February 2011" "User Manuals"
.SH NAME 
srp_auth.conf \- Configuration file for SRP Authentication
.SH SYNOPSIS
.B /etc/srp_auth.conf
.SH DESCRIPTION
The
.I /etc/srp_auth.conf
file describes one or more configurations for use by the PAM
SRP Authentication plugin. This file may be created by hand, though
in most cases the
.B srp_admin init_host 
command should be used to generate the file. The automated command
will ensure that all settings used in the file are compatible with
the specified authentication server.
.PP
The format of the file follows the standard .ini format.
.PP
A default configuration may be specified at the top of the
file, prior to declaring any named sections. Named sections are declared
by enclosing a name in brackets (e.g.\&
.BR "[ section_name ]" ).
All lines following a section definition belong to that section.
Section definitions do not nest or inherit values. Each section is
independent of any previous settings.
.PP
The following options are available in every section, both the default
and any named sections:
.TP
.B server
.I (required)
Hostname or IP address of the server machine.
.TP
.B port
.I (required)
Port used by the SRP authentication daemon.
.TP
.B public_key_file
.I (required)
Specifies the file containing the public key used to verify the authenticity
of the SRP server. The public key file may be obtained with the command:
.B srp_admin get_public_info
.I <filename>
.TP
.B hash_algorithm
.I (optional)
Specifies the hashing algorithm to use during the SRP authentication
process. Allowable values:
.BR SHA1 ,
.BR SHA224 ,
.BR SHA256 ,
.BR SHA384 ,
.BR SHA512 .
This option defaults to
.BR SHA1 .
.TP
.B prime_size
.I (optional)
Specifies the size (in bits) of the prime number to use during the SRP authentication
process. Allowable values:
.BR 1024 ,
.BR 2048 ,
.BR 4096 ,
.BR 8192 .
This option defaults to
.BR 2048 .
.TP
.B credential_cache
.I (optional)
Specifies the file to cache credentials in. The credential cache is updated on
each successful server authentication and will be used to authenticate users
when the server is unavailable (such as remote laptop use). The cache file
must exist and be of the appropriate internal format. Use the
.BR srp_admin (1)
command to create this file. Unless this option is specified, no credential
cache will be used.
.TP
.B max_cache_entries
.I (optional)
If credential caching is enabled, this option specifies the maximum number 
of unique credentials to cache. Defaults to 10 if not specified.
.SH FILES
.I /etc/srp_auth.conf
.SH EXAMPLE
.nf
server           = localhost
port             = 1234
public_key_file  = /var/lib/srp_auth/default_key.der
credential_cache = /var/lib/srp_auth/cache.db

[special_config]
  server = foo.bar.com
  port   = 1111
  public_key_file = /var/lib/srp_auth/special_config_key.der
.fi
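.PP
The rules in DESCRIPTION (an optional default configuration, named sections
that inherit nothing, three required options, fixed value lists) can be
checked before a file is deployed; the following is an added example, not
code from the PAM SRP plugin or srp_admin.
Assumptions: the names parse, check and SAMPLE, the constructed [broken]
section, "#" and ";" as comment characters, and exact matching of the
listed values.
.nf

```python
REQUIRED = ("server", "port", "public_key_file")
ALLOWED = {"hash_algorithm": ("SHA1", "SHA224", "SHA256", "SHA384", "SHA512"),
           "prime_size": ("1024", "2048", "4096", "8192")}
DEFAULTS = {"hash_algorithm": "SHA1", "prime_size": "2048"}

def parse(text):
    """Return {section: {option: value}}; "" is the unnamed default section."""
    sections, current = {}, ""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":  # assumption: usual .ini comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections[current] = {}       # each named section starts empty
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
        else:
            raise ValueError(f"line {number}: not a section or option")
    return sections

def check(text):
    """Return (effective settings per section, list of problems)."""
    effective, problems = {}, []
    for name, opts in parse(text).items():
        label = name or "(default)"
        problems += [f"{label}: missing required option {key}"
                     for key in REQUIRED if key not in opts]  # no inheritance
        problems += [f"{label}: {key} = {opts[key]} is not allowed"
                     for key, ok in ALLOWED.items()
                     if key in opts and opts[key] not in ok]
        effective[label] = {**DEFAULTS, **opts}  # documented defaults fill gaps
    return effective, problems

# Constructed sample (added example): the EXAMPLE above plus a [broken] section.
SAMPLE = """server = localhost
port = 1234
public_key_file = /var/lib/srp_auth/default_key.der
credential_cache = /var/lib/srp_auth/cache.db
[special_config]
server = foo.bar.com
port = 1111
public_key_file = /var/lib/srp_auth/special_config_key.der
[broken]
server = foo.bar.com
prime_size = 3072
"""
if __name__ == "__main__":
    print(check(SAMPLE)[1])
```
.fi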
.SH AUTHOR
Tom Cocagne <tom.cocagne@gmail.com>
.SH "SEE ALSO"
.BR srp_admin (1),
.BR srp_auth (7)
